Lucene search
+L

1205 matches found

Hacker One
Hacker One
added 2016/04/24 4:17 a.m.54 views

QIWI: SSL Certificate on qiwi.com will expire soon.

The validity of the SSL certificate is about to expire on 15 may 2016. The browser will normally present the user with a warning message indicating that the certificate has expired. These warnings are extremely confusing for the typical web user, and cause most users to question the authenticity ...

2.5AI score
Exploits0
Packet Storm
Packet Storm
added 2016/03/11 12:0 a.m.52 views

Samsung SW Update Tool 2.2.5.16 Man-In-The-Middle

Advisory Information Title: Samsung SW Update Tool MiTM Advisory ID: CORE-2016-0003 Advisory URL: http://www.coresecurity.com/advisories/samsung-sw-update-tool-mitm Date published: 2016-03-07 Date of last update: 2016-03-04 Vendors contacted: Samsung Release mode: Coordinated release 2...

7.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/03/11 12:0 a.m.8 views

The vulnerability of the Apache Tomcat application server allows attackers to circumvent authenticity verification restrictions.

The vulnerability of the RequestUtil.java function in the Apache Tomcat application server is related to deficiencies in path name validation. Exploiting this vulnerability allows a malicious actor to bypass the authenticity verification provided by the SecurityManager by using the “/..” symbol i...

4CVSS6.6AI score0.12555EPSS
Exploits0References11Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/02/24 12:0 a.m.4 views

Vulnerability of the Windows operating system, allowing a perpetrator to execute arbitrary code

The vulnerability of the Windows Reader component of the Windows operating system is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created Reader file from a remote location...

9.3CVSS7.7AI score0.25942EPSS
Exploits0References2
Hacker One
Hacker One
added 2016/02/05 3:13 a.m.36 views

New Relic: A Signup page does not properly validate the authenticity token at the server side.

Description: POST /signups HTTP/1.1 Host: newrelic.com User-Agent: Mozilla/5.0 Windows NT 6.2; rv:43.0 Gecko/20100101 Firefox/43.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-NewRelic-ID: VQQHU1RbARABVlNWAgAGUA== X-CSRF-Token: Content-Type:...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/12/10 12:0 a.m.25 views

FreeBSD : redmine -- information leak vulnerability (49def4b7-9ed6-11e5-8f5c-002590263bf5)

Redmine reports : Potential data leak project names in the invalid form authenticity token error screen. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine...

5.4AI score
Exploits0References2
CNVD
CNVD
added 2015/12/02 12:0 a.m.6 views

RSI Video Technologies Frontel Data Authenticity Validation Vulnerability

RSI Video Technologies Frontel is a suite of receiver software for monitoring Videofied wireless video alarm systems from the French company RSI Video Technologies. A security vulnerability exists in RSI Video Technologies Frontel, which arises from the program's failure to protect the integrity ...

5.9CVSS6.8AI score0.00403EPSS
Exploits1References1
Hacker One
Hacker One
added 2015/11/24 1:20 a.m.63 views

Radancy: SSL certificate invalid date

This SSL certificate is either expired or not yet valid. Some browsers will continue connecting to the site after presenting the user with the warning, while others will prompt the user with a dialog box requesting their approval to proceed. These warnings are extremely confusing for the typical...

2.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2015/10/30 9:29 a.m.16 views

CVE-2008-3437

OpenOffice.org OOo before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...

7.5CVSS8.1AI score0.01893EPSS
Exploits0References2
CERT
CERT
added 2015/06/16 12:0 a.m.38 views

Samsung Galaxy S phones fail to properly validate SwiftKey language pack updates

Overview Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, fail to properly validate Swiftkey language pack updates. Description CWE-345: Insufficient Verification of Data Authenticity - CVE-2015-4640Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, are pre-installed...

2.9CVSS6.3AI score0.00945EPSS
Exploits1References7
Hacker One
Hacker One
added 2015/06/15 9:59 p.m.33 views

Airbnb: authenticity_token is not random across page loads

In order to protect against the Breach attack, the authenticity token needs to be unique on every page load. A simple fix is to mask the token with some random bytes, which is what ruby on rails did in version 4.2.0 the exact patch is here: https://github.com/rails/rails/pull/16570/files...

0.4AI score
Exploits0
CNVD
CNVD
added 2015/05/19 12:0 a.m.3 views

Hospira LifeCare PCA Infusion System Security Restriction Bypass Vulnerability

The Hospira LifeCare PCA Infusion System is an IV infusion pump that delivers medications to patients. Hospira LifeCare PCA Infusion System 5.0 and earlier versions are vulnerable to a data authenticity validation vulnerability in their implementation by uploading software updates, configuration...

9.3CVSS6.8AI score0.01242EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2015/05/07 2:58 p.m.11 views

Open Smart Grid Protocol Homegrown Crypto Weaknesses

In the three years since its inception, the Open Smart Grid Protocol has found its way into more than four million smart meters and similar devices worldwide. And like its SCADA, industrial control system, and embedded system brethren, it’s rife with security issues. Two researchers, Phillip...

0.4AI score
Exploits0References2
Hacker One
Hacker One
added 2015/03/10 1:1 a.m.34 views

X (Formerly Twitter): open redirect sends authenticity_token to any website or (ip address)

Hi, URL: https://mobile.twitter.com//example/messages there is double slash before "example" word when you click "send" after writing a message the authenticitytoken will send to https://example this URL doesn't allow any dots in it, so i can not write //example.com but when i write a number it...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2015/03/02 1:7 a.m.67 views

X (Formerly Twitter): Open Redirect leak of authenticity_token lead to full account take over.

Hey guys URL: https://mobile.twitter.com/messages/follow?recipient=/example.com when I click 'Follow' I will send my POST request to https://example.com witch contains my authenticitytoken that can be used for anything like tweeting, following, sending messages, changing username.,.,.etc it can b...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2015/02/27 3:48 a.m.26 views

HackerOne: Substantially weakened authenticity verification when using 'Remember me for a week'

Hello HackerOne, I noticed that in order to access data bound to a user's permissions, say their own bug reports, or CSRF-token, you only need one certain cookie, which is rememberusertoken, and although it is sent when the user uses HackerOne in a normal fashion, the session cookie is ignored an...

6.8AI score
Exploits0
NVD
NVD
added 2015/02/19 3:59 p.m.17 views

CVE-2015-1585

Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery CSRF attacks via a request without the authenticitytoken, as demonstrated by a crafted HTML page that creates a new administrator account...

6.8CVSS6.4AI score0.01094EPSS
Exploits3References4
Prion
Prion
added 2015/02/19 3:59 p.m.17 views

Cross site request forgery (csrf)

Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery CSRF attacks via a request without the authenticitytoken, as demonstrated by a crafted HTML page that creates a new administrator account...

6.8CVSS6.9AI score0.01094EPSS
Exploits3References4Affected Software1
Hacker One
Hacker One
added 2015/02/11 8:3 p.m.76 views

HackerOne: CSP Bypass: Click handler for links with data-method="post" can cause authenticity_token to be sent off domain

Background - There has been at least one case where an attacker was able to insert arbitrary HTML into a submitted report - HackerOne uses a very strict Content Security Policy that prevents inline script and script from other origins - HackerOne uses an authenticitytoken in its POSTs to guard...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2015/02/05 1:8 p.m.61 views

Enter: CSRF token leakage

Hi, I have noticed that when the account verification fails here : https://wallet.robocoin.com/verify/ due to an error, the CSRF token is being leaked via GET method like : https://wallet.robocoin.com/verify/id?csrf=b8ede20d-0c0b-4e16-9d05-6ad2ed8b72c4 So the authenticity token is being stored in...

6.8AI score
Exploits0
Rows per page
Query Builder